From 0febfbd952ff813f2a986e662f9017bffa0d724c Mon Sep 17 00:00:00 2001
From: Avichal Rakesh <arakesh@google.com>
Date: Mon, 12 Dec 2022 15:20:02 -0800
Subject: [PATCH] cameraservice: Add selinux policy for vndk cameraservice.

This CL adds a new cameraservice type to allow vendor clients of
cameraservice to query and find the stable cameraservice
implementation.

Bug: 243593375
Test: Manually tested that cameraservice can register a vendor facing
      instance.
Change-Id: I61499406d4811c898719abcb89c51b4b8a29f4a7
---
 build/soong/service_fuzzer_bindings.go | 1 +
 private/compat/33.0/33.0.ignore.cil    | 1 +
 private/service_contexts               | 1 +
 public/cameraserver.te                 | 1 +
 public/service.te                      | 1 +
 5 files changed, 5 insertions(+)

diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 2ee0ae2ba..1da0aa3d5 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -118,6 +118,7 @@ var (
 		"android.hardware.wifi.IWifi/default":                                     EXCEPTION_NO_FUZZER,
 		"android.hardware.wifi.hostapd.IHostapd/default":                          EXCEPTION_NO_FUZZER,
 		"android.hardware.wifi.supplicant.ISupplicant/default":                    EXCEPTION_NO_FUZZER,
+		"android.frameworks.cameraservice.service.ICameraService/default":         EXCEPTION_NO_FUZZER,
 		"android.frameworks.sensorservice.ISensorManager/default":                 []string{"libsensorserviceaidl_fuzzer"},
 		"android.frameworks.stats.IStats/default":                                 EXCEPTION_NO_FUZZER,
 		"android.se.omapi.ISecureElementService/default":                          EXCEPTION_NO_FUZZER,
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 4e6c053cb..9d78291d4 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -12,6 +12,7 @@
     device_config_memory_safety_native_prop
     device_config_vendor_system_native_prop
     devicelock_service
+    fwk_camera_service
     fwk_sensor_service
     hal_bootctl_service
     hal_cas_service
diff --git a/private/service_contexts b/private/service_contexts
index e9fc83cbd..645e91ce7 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.frameworks.cameraservice.service.ICameraService/default      u:object_r:fwk_camera_service:s0
 android.frameworks.stats.IStats/default                              u:object_r:fwk_stats_service:s0
 android.frameworks.sensorservice.ISensorManager/default              u:object_r:fwk_sensor_service:s0
 android.hardware.audio.core.IConfig/default                          u:object_r:hal_audio_service:s0
diff --git a/public/cameraserver.te b/public/cameraserver.te
index d41339a4a..c88e3f0fb 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -19,6 +19,7 @@ allow cameraserver dmabuf_system_heap_device:chr_file r_file_perms;
 allow cameraserver hal_graphics_composer:fd use;
 
 add_service(cameraserver, cameraserver_service)
+add_service(cameraserver, fwk_camera_service)
 add_hwservice(cameraserver, fwk_camera_hwservice)
 
 allow cameraserver activity_service:service_manager find;
diff --git a/public/service.te b/public/service.te
index 1fcaaf148..c092be22f 100644
--- a/public/service.te
+++ b/public/service.te
@@ -7,6 +7,7 @@ type authorization_service,     service_manager_type;
 type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
 type bluetooth_service,         service_manager_type;
 type cameraserver_service,      service_manager_type;
+type fwk_camera_service,        service_manager_type;
 type default_android_service,   service_manager_type;
 type dice_maintenance_service,  service_manager_type;
 type dice_node_service,         service_manager_type;